A collection of notable security news items for the week ending October 31, 2014. Covers enterprise, controversies, reports and more.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of security. He is the author of three books and thousands of published articles and many more unpublished, private reports. Larry has been Technical Director at several test laboratories where he both directed and ran product testing, with a special interest in test automation. Larry began his career as a Software Engineer at the now-defunct Desktop Software Corporation in Princeton, NJ, on the team that wrote the NPL 4GL query language. He also worked on corporate IT and software development at Chase Econometrics. Larry is a graduate of the University of Pennsylvania with a degree in Public Policy.
Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that include ABC News and the Wall Street Journal. She has authored and edited award-winning, best-selling books in eight translations and has been a sex columnist for the San Francisco Chronicle. She has given keynote talks at such conferences as ETech, LeWeb, and the Forbes Brand Leadership Conference, and has given two Tech Talks at Google. In 2010, the London Times named Blue one of “40 bloggers who really count.” Ms. Blue is the author of The Smart Girl's Guide to Privacy. Violet Blue bio courtesy of TTI Vanguard.
The 'Highly Critical' vulnerability revealed two weeks ago was widely exploited just hours after it was announced. But there's no evidence yet of actual, widespread attacks.
CurrentC, the merchants' answer to NFC payment systems, has been hacked during its pilot program.
By default, Internet Explorer on Windows client systems supports SSL version 3.0, the version recently found vulnerable to attack. Now there's another way to turn it off.
The Obama Administration has admitted that a cyberattacker was able to gain access to the US government's systems.
New McAfee research claims that a worrying number of organizations are turning off advanced firewall features in order to avoid slowing down networks.
Microsoft made a mistake by extending XP Extended Support. Extending Win7 Mainstream Support some time past the intro of Windows 10 would be different.
The older cellular encryption can be cracked by the National Security Agency, leaked documents previously showed. An upgrade to that security could make eavesdropping a lot harder.
Apps running in mobile operating systems must get permission from the user for all sorts of things. This can be confusing. Do some do it better than others?
FireEye has released a detailed report suggesting that state-sponsored attacks originating from Russia have focused on lifting military, government and security information.
Big Blue has unveiled a new enterprise solution aimed at harnessing Big Data to detect criminal activity in seconds.
The latest vector for exploits of the Shellshock bug in the Bash shell is SMTP, where the mail headers themselves trigger the exploit.
Fake transactions from Brazil take advantage of implementation errors to approve what appear to be chip card purchases without the PIN. Hint to banks: It's "Chip AND PIN," not OR.
Researcher finds a malicious Tor exit node that envelops Windows EXEs inside another Windows EXE, which drops malware.
A collection of notable security news items for the week ending October 24, 2014. Covers enterprise, controversies, reports and more. UPDATED.